Internal Auditing

Risk Assessment Process

Risk
assessment is the identification and analysis of relevant risks to the
achievement of an organization's objectives, for the purpose of determining how
those risks should be managed.

During the risk assessment process, Internal Auditing identifies and
assesses both the likelihood and potential impact of various risks to the
organization. Internal controls are
then identified and evaluated to determine how adequate they are in reducing risk
to ensure that residual risk is at manageable levels. Residual risk is the risk that something will
occur after controls or procedures are implemented to prevent it. In addition to audits required by state
regulations, those activities or functions with higher levels of residual risk
are typically selected for audits.

Developing
the Audit Plan:

The WIU Office of Internal
Auditing develops the annual audit plan using a risk-based approach. The annual risk assessment process occurs in
late spring or early summer to facilitate the development of a two-year audit
plan. Internal Auditing conducts the
risk assessment process through discussions with management; review and
analysis of budgets and proposed programs; and a systematic evaluation of risk
factors covering the functional and organizational units of the
University. Based upon the results of
the risk analysis, a proposed audit plan is presented to the Senior Executive
Cabinet for their review and approval.
Upon consensus by the Cabinet, the audit plan is submitted to the
University President for approval. Next,
the audit plan is presented to the University Board of Trustees Audit Committee
for their review and approval. The
two-year plan is updated annually and may be modified as unplanned issues of
potential risk are identified throughout the year. The plan is required to be completed before
June 30th of each year for the next two fiscal year periods.